CVE-2016-1401

Name of the Vulnerable Software and Affected Versions Cisco Unified Computing System (UCS) Central Software version 1.4(1a)

Description The issue is related to a cross-site scripting (XSS) vulnerability in the management interface. This vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted value. The exploitation of this vulnerability may enable a remote attacker to embed arbitrary web or HTML code by entering special parameters.

Recommendations For Cisco Unified Computing System (UCS) Central Software version 1.4(1a), consider restricting access to the management interface until a fix is available. As a temporary workaround, avoid using the management interface with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.